Proof Testing of Safety Instrumented Functions: A Beginners Guide (Part 1)

By Dave Green, Engineering Manager, Engineering Safety Consultants Ltd

A key part of any IEC 61511 or IEC 61508 Safety Integrity Level (SIL) Assessment is the Random Hardware Failures verification: does the Safety Instrumented Function (SIF) meet its Probability of Failure on Demand (PFD)? Achieving this is heavily dependent on the frequency at which a SIF (and its constituent elements) is PROOF TESTED. This means that if the proof testing strategy (frequency, coverage, management etc.) is flawed, risk targets may not be met, despite ‘what the numbers say’. Clearly, a good understanding of the principles of proof testing is essential. Here are a few FAQs to get you started.

1. What is proof testing?

Proof testing is defined in IEC 61508 as a ‘Periodic test performed to detect dangerous hidden failures in a safety-related system so that, if necessary, a repair can restore the system to an “as new” condition or as close as practical to this condition’.  In simple terms, a proof test is designed to reveal all the ‘undetected/unrevealed’ failures which the device may be harbouring unbeknown to anyone.

2. Why do we need to do proof testing?

When estimating the PFD of a device, the frequency at which a device is proof tested has a significant impact on the overall PFD.  Therefore, if the device is not tested at the specified interval, there is a danger that an undetected failure may be left unrevealed until a demand is placed upon it and your safety function will not work when you need it to!

3. Are proof testing and functional testing the same thing?

No! A functional test usually refers to the testing of a SIF to ensure that the specified function is working correctly. However, in redundant channels, would a functional test reveal all faults? Possibly not: if a subsystem is voted in a 1oo2 configuration, a functional test may detect a dangerous fault of the sensor architecture but won’t highlight how many faults there are.

A proof test, however, should reveal all faults, even if there are multiple faults, as (typically) ALL elements are individually tested.
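The difference between the two tests can be enumerated directly. The following Python sketch is an added example, not part of the original article: it models a voted sensor subsystem, runs an end-to-end functional test and a per-channel proof test over every combination of channel faults, and lists the states where the functional test passes while a dangerous fault is still present. It generalises the 1oo2 case above to any MooN vote; the function names and the simple "channel responds or does not" fault model are assumptions made for illustration.

```python
from itertools import product

def voted_trip(channel_ok, m):
    """MooN vote: the subsystem trips if at least m channels respond to the demand."""
    return sum(channel_ok) >= m

def functional_test(channel_ok, m):
    """End-to-end test: one simulated demand, one pass/fail result for the whole SIF."""
    return voted_trip(channel_ok, m)

def proof_test(channel_ok):
    """Per-element test: every channel is exercised on its own.
    Returns the indices of the channels found failed."""
    return [i for i, ok in enumerate(channel_ok) if not ok]

def hidden_fault_states(m, n):
    """Fault states in which the functional test passes although
    at least one channel has a dangerous failure."""
    return [state for state in product([True, False], repeat=n)
            if functional_test(state, m) and proof_test(state)]

def fault_counts_by_result(m, n):
    """Map each functional-test outcome to the numbers of failed channels
    that could have produced it."""
    counts = {True: set(), False: set()}
    for state in product([True, False], repeat=n):
        counts[functional_test(state, m)].add(len(proof_test(state)))
    return {result: sorted(c) for result, c in counts.items()}

if __name__ == "__main__":
    for m, n in [(1, 2), (2, 3)]:
        print(f"{m}oo{n}: functional result -> possible fault counts:",
              fault_counts_by_result(m, n))
        for state in hidden_fault_states(m, n):
            print("   functional test PASSES, proof test finds failed channel(s):",
                  proof_test(state))
```

For 1oo2, a passing functional test is consistent with either zero or one failed channel, so the subsystem can be running with no redundancy left and the test record will not show it.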

What next?

Check out Proof Testing of Safety Instrumented Functions: A Beginners Guide (Part 2), where I discuss:

  1. Can I conduct a perfect proof test?
  2. What is Proof Test Coverage?
  3. How do I conduct a proof test?
  4. How much will this cost!?

ESC have the knowledge and expertise to assist with producing proof test procedures which will provide the maximum proof test coverage, as well as helping to implement a formal competence assessment strategy. See details of our one-day course on the Introduction to Safety Instrumented Systems for Technicians (IEC 61508/IEC 61511).